Mercurial > libervia-backend
annotate sat/plugins/plugin_sec_pubsub_signing.py @ 3963:d105ead599b6
plugin pubsub signature: fix attachment setting + default signer:
- attachment setting was crashing when `item_elt` was not specified due to argument typo
- if `signer` is set to None in attachment data, client's bare jid will be used to sign
the item
rel 381
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Sun, 30 Oct 2022 01:06:58 +0200 |
| parents | a15c171836bb |
| children | 524856bd7b19 |
| rev | line source |
|---|---|
|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
1 #!/usr/bin/env python3 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
2 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
3 # Libervia plugin for Pubsub Items Signature |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
4 # Copyright (C) 2009-2022 Jérôme Poisson (goffi@goffi.org) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
5 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
6 # This program is free software: you can redistribute it and/or modify |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
7 # it under the terms of the GNU Affero General Public License as published by |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
8 # the Free Software Foundation, either version 3 of the License, or |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
9 # (at your option) any later version. |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
10 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
11 # This program is distributed in the hope that it will be useful, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
14 # GNU Affero General Public License for more details. |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
15 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
16 # You should have received a copy of the GNU Affero General Public License |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
17 # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
18 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
19 import base64 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
20 import time |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
21 from typing import Any, Dict, List, Optional |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
22 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
23 from lxml import etree |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
24 import shortuuid |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
25 from twisted.internet import defer |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
26 from twisted.words.protocols.jabber import jid, xmlstream |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
27 from twisted.words.xish import domish |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
28 from wokkel import disco, iwokkel |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
29 from wokkel import pubsub |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
30 from zope.interface import implementer |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
31 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
32 from sat.core import exceptions |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
33 from sat.core.constants import Const as C |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
34 from sat.core.core_types import SatXMPPEntity |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
35 from sat.core.i18n import _ |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
36 from sat.core.log import getLogger |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
37 from sat.tools import utils |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
38 from sat.tools.common import data_format |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
39 |
|
3961
a15c171836bb
plugin pubsub signing: fix `gpg_provider` instanciation:
Goffi <goffi@goffi.org>
parents:
3956
diff
changeset
|
40 from .plugin_xep_0373 import VerificationFailed |
|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
41 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
42 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
43 log = getLogger(__name__) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
44 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
45 IMPORT_NAME = "pubsub-signing" |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
46 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
47 PLUGIN_INFO = { |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
48 C.PI_NAME: "Pubsub Signing", |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
49 C.PI_IMPORT_NAME: IMPORT_NAME, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
50 C.PI_TYPE: C.PLUG_TYPE_XEP, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
51 C.PI_MODES: C.PLUG_MODE_BOTH, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
52 C.PI_PROTOCOLS: [], |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
53 C.PI_DEPENDENCIES: ["XEP-0060", "XEP-0373", "XEP-0470"], |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
54 C.PI_MAIN: "PubsubSigning", |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
55 C.PI_HANDLER: "yes", |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
56 C.PI_DESCRIPTION: _( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
57 """Pubsub Signature can be used to strongly authenticate a pubsub item""" |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
58 ), |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
59 } |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
60 NS_PUBSUB_SIGNING = "urn:xmpp:pubsub-signing:0" |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
61 NS_PUBSUB_SIGNING_OPENPGP = "urn:xmpp:pubsub-signing:openpgp:0" |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
62 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
63 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
64 class PubsubSigning: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
65 namespace = NS_PUBSUB_SIGNING |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
66 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
67 def __init__(self, host): |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
68 log.info(_("Pubsub Signing plugin initialization")) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
69 host.registerNamespace("pubsub-signing", NS_PUBSUB_SIGNING) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
70 self.host = host |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
71 self._p = host.plugins["XEP-0060"] |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
72 self._ox = host.plugins["XEP-0373"] |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
73 self._a = host.plugins["XEP-0470"] |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
74 self._a.register_attachment_handler( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
75 "signature", NS_PUBSUB_SIGNING, self.signature_get, self.signature_set |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
76 ) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
77 host.trigger.add("XEP-0060_publish", self._publish_trigger) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
78 host.bridge.addMethod( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
79 "psSignatureCheck", |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
80 ".plugin", |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
81 in_sign="sssss", |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
82 out_sign="s", |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
83 method=self._check, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
84 async_=True, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
85 ) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
86 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
87 def getHandler(self, client): |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
88 return PubsubSigning_Handler() |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
89 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
90 def get_data_to_sign( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
91 self, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
92 item_elt: domish.Element, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
93 to_jid: jid.JID, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
94 timestamp: float, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
95 signer: str, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
96 ) -> bytes: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
97 """Generate the wrapper element, normalize, serialize and return it""" |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
98 # we remove values which must not be in the serialised data |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
99 item_id = item_elt.attributes.pop("id") |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
100 item_publisher = item_elt.attributes.pop("publisher", None) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
101 item_parent = item_elt.parent |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
102 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
103 # we need to be sure that item element namespace is right |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
104 item_elt.uri = item_elt.defaultUri = pubsub.NS_PUBSUB |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
105 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
106 sign_data_elt = domish.Element((NS_PUBSUB_SIGNING, "sign-data")) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
107 to_elt = sign_data_elt.addElement("to") |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
108 to_elt["jid"] = to_jid.userhost() |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
109 time_elt = sign_data_elt.addElement("time") |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
110 time_elt["stamp"] = utils.xmpp_date(timestamp) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
111 sign_data_elt.addElement("signer", content=signer) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
112 sign_data_elt.addChild(item_elt) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
113 # FIXME: xml_tools.domish_elt_2_et_elt must be used once implementation is |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
114 # complete. For now serialisation/deserialisation is more secure. |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
115 # et_sign_data_elt = xml_tools.domish_elt_2_et_elt(sign_data_elt, True) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
116 et_sign_data_elt = etree.fromstring(sign_data_elt.toXml()) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
117 to_sign = etree.tostring( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
118 et_sign_data_elt, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
119 method="c14n2", |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
120 with_comments=False, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
121 strip_text=True |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
122 ) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
123 # the data to sign is serialised, we cna restore original values |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
124 item_elt["id"] = item_id |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
125 if item_publisher is not None: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
126 item_elt["publisher"] = item_publisher |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
127 item_elt.parent = item_parent |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
128 return to_sign |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
129 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
130 def _check( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
131 self, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
132 service: str, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
133 node: str, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
134 item_id: str, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
135 signature_data_s: str, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
136 profile_key: str, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
137 ) -> defer.Deferred: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
138 d = defer.ensureDeferred( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
139 self.check( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
140 self.host.getClient(profile_key), |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
141 jid.JID(service), |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
142 node, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
143 item_id, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
144 data_format.deserialise(signature_data_s) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
145 ) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
146 ) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
147 d.addCallback(data_format.serialise) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
148 return d |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
149 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
150 async def check( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
151 self, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
152 client: SatXMPPEntity, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
153 service: jid.JID, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
154 node: str, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
155 item_id: str, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
156 signature_data: Dict[str, Any], |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
157 ) -> Dict[str, Any]: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
158 items, __ = await self._p.getItems( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
159 client, service, node, item_ids=[item_id] |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
160 ) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
161 if not items != 1: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
162 raise exceptions.NotFound( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
163 f"target item not found for {item_id!r} at {node!r} for {service}" |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
164 ) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
165 item_elt = items[0] |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
166 timestamp = signature_data["timestamp"] |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
167 signers = signature_data["signers"] |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
168 if not signers: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
169 raise ValueError("we must have at least one signer to check the signature") |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
170 if len(signers) > 1: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
171 raise NotImplemented("multiple signers are not supported yet") |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
172 signer = jid.JID(signers[0]) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
173 signature = base64.b64decode(signature_data["signature"]) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
174 verification_keys = { |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
175 k for k in await self._ox.import_all_public_keys(client, signer) |
|
3961
a15c171836bb
plugin pubsub signing: fix `gpg_provider` instanciation:
Goffi <goffi@goffi.org>
parents:
3956
diff
changeset
|
176 if client.gpg_provider.can_sign(k) |
|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
177 } |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
178 signed_data = self.get_data_to_sign(item_elt, service, timestamp, signer.full()) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
179 try: |
|
3961
a15c171836bb
plugin pubsub signing: fix `gpg_provider` instanciation:
Goffi <goffi@goffi.org>
parents:
3956
diff
changeset
|
180 client.gpg_provider.verify_detached(signed_data, signature, verification_keys) |
|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
181 except VerificationFailed: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
182 validated = False |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
183 else: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
184 validated = True |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
185 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
186 trusts = { |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
187 k.fingerprint: (await self._ox.get_trust(client, k, signer)).value.lower() |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
188 for k in verification_keys |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
189 } |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
190 return { |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
191 "signer": signer.full(), |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
192 "validated": validated, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
193 "trusts": trusts, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
194 } |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
195 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
196 def signature_get( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
197 self, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
198 client: SatXMPPEntity, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
199 attachments_elt: domish.Element, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
200 data: Dict[str, Any], |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
201 ) -> None: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
202 try: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
203 signature_elt = next( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
204 attachments_elt.elements(NS_PUBSUB_SIGNING, "signature") |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
205 ) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
206 except StopIteration: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
207 pass |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
208 else: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
209 time_elts = list(signature_elt.elements(NS_PUBSUB_SIGNING, "time")) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
210 if len(time_elts) != 1: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
211 raise exceptions.DataError("only a single <time/> element is allowed") |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
212 try: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
213 timestamp = utils.parse_xmpp_date(time_elts[0]["stamp"]) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
214 except (KeyError, exceptions.ParsingError): |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
215 raise exceptions.DataError( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
216 "invalid time element: {signature_elt.toXml()}" |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
217 ) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
218 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
219 signature_data: Dict[str, Any] = { |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
220 "timestamp": timestamp, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
221 "signers": [ |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
222 str(s) for s in signature_elt.elements(NS_PUBSUB_SIGNING, "signer") |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
223 ] |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
224 } |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
225 # FIXME: only OpenPGP signature is available for now, to be updated if and |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
226 # when more algorithms are available. |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
227 sign_elt = next( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
228 signature_elt.elements(NS_PUBSUB_SIGNING_OPENPGP, "sign"), |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
229 None |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
230 ) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
231 if sign_elt is None: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
232 log.warning( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
233 "no known signature profile element found, ignoring signature: " |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
234 f"{signature_elt.toXml()}" |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
235 ) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
236 return |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
237 else: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
238 signature_data["signature"] = str(sign_elt) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
239 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
240 data["signature"] = signature_data |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
241 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
242 async def signature_set( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
243 self, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
244 client: SatXMPPEntity, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
245 attachments_data: Dict[str, Any], |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
246 former_elt: Optional[domish.Element] |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
247 ) -> Optional[domish.Element]: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
248 signature_data = attachments_data["extra"].get("signature") |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
249 if signature_data is None: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
250 return former_elt |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
251 elif signature_data: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
252 item_elt = signature_data.get("item_elt") |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
253 service = jid.JID(attachments_data["service"]) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
254 if item_elt is None: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
255 node = attachments_data["node"] |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
256 item_id = attachments_data["id"] |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
257 items, __ = await self._p.getItems( |
|
3963
d105ead599b6
plugin pubsub signature: fix attachment setting + default signer:
Goffi <goffi@goffi.org>
parents:
3961
diff
changeset
|
258 client, service, node, item_ids=[item_id] |
|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
259 ) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
260 if not items != 1: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
261 raise exceptions.NotFound( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
262 f"target item not found for {item_id!r} at {node!r} for {service}" |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
263 ) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
264 item_elt = items[0] |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
265 |
|
3963
d105ead599b6
plugin pubsub signature: fix attachment setting + default signer:
Goffi <goffi@goffi.org>
parents:
3961
diff
changeset
|
266 signer = signature_data.get("signer") or client.jid.userhost() |
|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
267 timestamp = time.time() |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
268 timestamp_xmpp = utils.xmpp_date(timestamp) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
269 to_sign = self.get_data_to_sign(item_elt, service, timestamp, signer) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
270 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
271 signature_elt = domish.Element( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
272 (NS_PUBSUB_SIGNING, "signature"), |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
273 ) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
274 time_elt = signature_elt.addElement("time") |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
275 time_elt["stamp"] = timestamp_xmpp |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
276 signature_elt.addElement("signer", content=signer) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
277 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
278 sign_elt = signature_elt.addElement((NS_PUBSUB_SIGNING_OPENPGP, "sign")) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
279 signing_keys = { |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
280 k for k in self._ox.list_secret_keys(client) |
|
3961
a15c171836bb
plugin pubsub signing: fix `gpg_provider` instanciation:
Goffi <goffi@goffi.org>
parents:
3956
diff
changeset
|
281 if client.gpg_provider.can_sign(k.public_key) |
|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
282 } |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
283 # the base64 encoded signature itself |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
284 sign_elt.addContent( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
285 base64.b64encode( |
|
3961
a15c171836bb
plugin pubsub signing: fix `gpg_provider` instanciation:
Goffi <goffi@goffi.org>
parents:
3956
diff
changeset
|
286 client.gpg_provider.sign_detached(to_sign, signing_keys) |
|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
287 ).decode() |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
288 ) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
289 return signature_elt |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
290 else: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
291 return None |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
292 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
293 async def _publish_trigger( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
294 self, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
295 client: SatXMPPEntity, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
296 service: jid.JID, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
297 node: str, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
298 items: Optional[List[domish.Element]], |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
299 options: Optional[dict], |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
300 sender: jid.JID, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
301 extra: Dict[str, Any] |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
302 ) -> bool: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
303 if not items or not extra.get("signed"): |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
304 return True |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
305 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
306 for item_elt in items: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
307 # we need an ID to find corresponding attachment node, and so to sign an item |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
308 if not item_elt.hasAttribute("id"): |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
309 item_elt["id"] = shortuuid.uuid() |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
310 await self._a.set_attachements( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
311 client, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
312 { |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
313 "service": service.full(), |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
314 "node": node, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
315 "id": item_elt["id"], |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
316 "extra": { |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
317 "signature": { |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
318 "item_elt": item_elt, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
319 "signer": sender.userhost(), |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
320 } |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
321 } |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
322 } |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
323 ) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
324 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
325 return True |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
326 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
327 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
328 @implementer(iwokkel.IDisco) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
329 class PubsubSigning_Handler(xmlstream.XMPPHandler): |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
330 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
331 def getDiscoInfo(self, requestor, service, nodeIdentifier=""): |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
332 return [disco.DiscoFeature(NS_PUBSUB_SIGNING)] |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
333 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
334 def getDiscoItems(self, requestor, service, nodeIdentifier=""): |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
335 return [] |